Patch Analysis for July 2010

Special note: XP SP2 security patching is no more - Make sure your XP systems are SP3+.

There are 4 bulletins released today, 3 are considered by Microsoft to be highly exploitable and are rated critical. One of these is the Help Center URL Validation Vulnerability (MS10-042) which is currently being exploited on the internet. A Security Advisory (2219475) was issued last month. This will affect primarily XP workstations and possibly Server 2003 Terminal Servers even if a third –party browser is being used. The evidence indicates these attacks are on the increase. MS10-043 also affecting the Windows OS, “Canonical Display Driver Integer Overflow Vulnerability” is a little more obscure and not as likely to be successfully exploited. If it is exploited, a DNS is more likely than remote code. It is publicly disclosed however. It looks like only x64 based Windows 7 and Server 2008 are affected. Both of these Windows vulnerabilities are rated critical.

Once again those dreadful activeX controls rear their ugly heads. This time in Office Access (MS10-044). Finally MS10-045 reports a vulnerability in Office Outlook. A note about MS10-045: If you are running Office 2007 SP1, security feature of SP2 will be applied in addition to the patch. In all of the versions where this patch is applied linked file attachments can no longer be opened. Microsoft does offer a way to reduce the security and allow these to be opened (Microsoft KB 2271150). We agree with Microsoft in this: Carefully consider the risk before reducing security. A simple workaround is to put a hyperlink in the body of the message rather than a linked file attachment.

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime.

"Thank you. I am very glad I subscribed to this newsletter.
Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft
Security Bulletins. Do you keep old copies? If yes, please let me know how I can
access them?"

"Really appreciate your patch observor. In the corporate
IT world, anything we can get our hands on that speeds the process of analyzing
threats and how they may or may not apply to our environments is a God-send.
Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the
table. There are so many sources of patch information which can be very specific
or surrounded by other stuff that it’s refreshing to get everything summarised
like this. The “Randy’s Recommendation” comment is useful starting point too.
Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in
making the decision whether to patch or not to patch. And also to patch asap or
to wait a while before patching. Also I do think the use of the table is realy
improving the readability of the provided information."